Does 'IsInRole()' check against Active Directory groups?

Craig Vedur · Aug 28, 2005

I need to build in some role authentication for a web app... so, going to
use the web.config to build my rules for the location files.

my question is.. does anyone know?

on my development box (out of work), i'm out XP Pro... and i've created
some groups and users to test it...

in the real deal, it's going to be Win 2003 Server using Active
Directory..... Obviously, i dont have AD on XP Pro..... Is it the same
thing? Will it work the same?

Will web.config be able to recognize the groups that a user belongs to to
correctly authorize viewing a page based on role authentication?

So, will IsInRole() check against groups created in Active Directory on
Win2003 Server?

Joe Kaplan \(MVP - ADSI\) · Aug 29, 2005

Yes. It depends on how users are being authenticated by IIS and how you
have ASP.NET configured, but if your web server is a member of a domain that
can authenticate users in your target domain and you have ASP.NET configured
for Windows authentication, IsInRole will answer true/false for the user's
domain groups.

Joe K.

Pat · Aug 29, 2005

Thats true as Joe adviced.
You can check my blog here for more info(There should be a blog relating to
Role Bases Auth).
http://spaces.msn.com/members/naijacoder/
Patrick

Craig Vedur · Aug 29, 2005

Thanks Joe, this worked. I have another question.

Initially, i had a login page on my app and used
System.DirectoryServices.dll to query AD to authenticate a user / pass.

However, it appears that .NET handles this all for me if i disable anonymous
access and use the integerated windows auth. Is this true?

My app poped up a login screen for user / pass / domain.

Joe Kaplan \(MVP - ADSI\) · Aug 30, 2005

Yes, definitely use the built in stuff if you can.

Generally, people do forms auth against AD if there is a technical or policy
problem with making the web server a domain member or someone really wants
forms auth and wants to torture their devs. The Ldap-based
MembershipProvider thing in .NET 2.0 should simplify this more though.

Joe K.

Pat · Aug 31, 2005

Thats true actually i just came across this article here at:-
http://blogs.msdn.com/gduthie/archive/2005/08/17/452905.aspx
using MembershipProvider thing in .NET 2.0 .
Patrick

isInRole	0	Nov 30, 2004
Windows Authentication - not seeing Groups	4	Aug 14, 2008
How to check users against security groups in Active Directory	2	Nov 14, 2007
Does IsInRole() grab just Groups? Can I get Organizational Units?	3	Sep 1, 2005
Active Directory - Groups and Permissions	2	May 2, 2006
Forms Authentication - Active Directory	5	Jun 11, 2007
Getting GROUPS from Active Directory by inputing an AD username	10	Feb 22, 2007
Authenticate against Active Directory	4	May 7, 2008

Does 'IsInRole()' check against Active Directory groups?

Craig Vedur

Joe Kaplan \(MVP - ADSI\)

Pat

Craig Vedur

Joe Kaplan \(MVP - ADSI\)

Pat

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads